From b7b21555735f8ebbf4cdf493f2372dacce9d2ac2 Mon Sep 17 00:00:00 2001 From: stskeeps Date: Mon, 19 Feb 2001 18:13:53 +0000 Subject: [PATCH] +- Some small SSL fixes .. --- Changes | 1 + src/ssl.c | 16 +++++++++++----- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/Changes b/Changes index 35c2ba7f0..7bcc805a0 100644 --- a/Changes +++ b/Changes @@ -224,3 +224,4 @@ - stats-server and services-server are no longer required (missing = disabled services aliases) - socks set {} options are now optional. Defaults are used if missing - If an invalid ban or except is found, it is removed +- Some small SSL fixes .. diff --git a/src/ssl.c b/src/ssl.c index 3a8e67283..bce0f1ec6 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -108,12 +108,18 @@ int ssl_handshake(aClient *cptr) CHK_NULL(cptr->ssl); SSL_set_fd((SSL *) cptr->ssl, cptr->fd); set_non_blocking(cptr->fd, cptr); + /* + * if necessary, SSL_write() will negotiate a TLS/SSL session, if not already explicitly + * performed by SSL_connect() or SSL_accept(). If the peer requests a + * re-negotiation, it will be performed transparently during the SSL_write() operation. + * The behaviour of SSL_write() depends on the underlying BIO. + * + */ err = SSL_accept((SSL *) cptr->ssl); - if ((err) == -1) - { - sendto_umode(UMODE_JUNK, "Lost connection to %s:Error in SSL_accept()", - get_client_name(cptr, TRUE)); - return 0; + if (err == -1) + { + /* wtf. it works, so ? */ + return -1; } /* Get client's certificate (note: beware of dynamic